General
-
Target
9286f9f89c091ab5c514c8e1e11d33fbde3fa0c358df864282ea1932352a23af.elf
-
Size
98KB
-
Sample
241123-dascmswnhv
-
MD5
2262b3d971e3e1443ceb8c4650afc6d6
-
SHA1
9c45c4534d0f97d7c6f5a708e80a25da4aacd028
-
SHA256
9286f9f89c091ab5c514c8e1e11d33fbde3fa0c358df864282ea1932352a23af
-
SHA512
a99a7c151edb969b4de909f1c593d159af7354b3822021c4b514b908376798752c6836598414d85935e27bdb39002a905af5798461d7c269df458173012920e3
-
SSDEEP
1536:qySoXNS55Vt82HSZ1zR3Dll1HgDDx0PbUuyLynzsTedz0:qyvUPHSZ1tDlW0TUxynbdz0
Malware Config
Targets
-
-
Target
9286f9f89c091ab5c514c8e1e11d33fbde3fa0c358df864282ea1932352a23af.elf
-
Size
98KB
-
MD5
2262b3d971e3e1443ceb8c4650afc6d6
-
SHA1
9c45c4534d0f97d7c6f5a708e80a25da4aacd028
-
SHA256
9286f9f89c091ab5c514c8e1e11d33fbde3fa0c358df864282ea1932352a23af
-
SHA512
a99a7c151edb969b4de909f1c593d159af7354b3822021c4b514b908376798752c6836598414d85935e27bdb39002a905af5798461d7c269df458173012920e3
-
SSDEEP
1536:qySoXNS55Vt82HSZ1zR3Dll1HgDDx0PbUuyLynzsTedz0:qyvUPHSZ1tDlW0TUxynbdz0
Score9/10-
Contacts a large (30731) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files
Deletes log files on the system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-